Three rookie concerns about business blockchain security

Bitcoin was the first successful cryptocurrency (crypto). The technology that enables Bitcoin is blockchain. The majority of businesses deploying blockchain applications are not using cryptocurrencies, so some common business blockchain security concerns don’t apply.

One of the things that worries people is they hear about crypto hacks, and understandably assume all crypto and blockchain is insecure. This is not the case. The Bitcoin blockchain has been running for more than nine years without a central authority, and nobody has managed to hack it, even though Bitcoin runs on thousands of machines operated by strangers.

How does this tally with the security concerns you’ve read?

Wallets

When you own cryptocurrencies, you can store them in a digital wallet which comes with your digital private keys. If you store the wallet and keys on your computer or phone and either get hacked, then someone can steal your currency, in the same way, they can take any other data you store like your bank account information.

There’s a solution to this. Some enterprising people created special USB sticks which can store your wallet and are far more difficult to crack. The two best-known ones are the Trezor and Ledger Wallets.

Most business blockchain applications don’t use cryptocurrencies and do not require individuals to store private keys or have wallets.

Software bugs

Many people store their currency outside of these two USB wallets. Parity was a popular wallet for Ethereum. It was hacked not once, but twice. On the second occasion, nobody stole money, but $160m worth of Ethereum currency was blocked forever because someone triggered a bug, most likely intentionally.

The founder of Parity suffered the most because his latest venture Polkadot had just completed an ICO and they lost $98 million.

Another well-known hack was a poorly implemented smart contract for The DAO which lost $50m. This was during the early days of Ethereum and resulted in Ethereum splitting in two to recover the money.

Most business blockchain apps don’t use crypto or wallets.

Exchanges

To buy cryptocurrencies using dollars or ‘fiat’ currency, people usually go through an exchange. They transfer money to the exchange, and the exchange gives them cryptocurrency. You can store the currency in your own wallet, but many people prefer the exchange to store the crypto for them under the delusion that it will be secure.

Exchanges are the modern-day version of banks but don’t have the paranoid processes that established banks put in place. Many of them struggle to keep up with the growth, and rapid expansion and security are tricky bedfellows. Unless you’re very wealthy, for a hacker the exchanges are much juicier targets than your wallet.

And the statistics demonstrate this.

In 2014 Mt. Gox a Japanese based exchange lost $473m in a hack, which amounts to roughly $5billion at today’s prices. Or rather its customers lost that amount, and the business shut down.

In 2016 Bitfinex lost $72m in a hack which equates to $1billion today. They’re still one of the largest exchanges and ‘socialized’ the loss.

According to Tyler Moore of the University of Tulsa, a third of Bitcoin exchanges have been hacked.

Most business blockchain apps don’t use cryptocurrency, personal wallets or exchanges, which means these specific risks do not apply, but that shouldn’t imply that all business applications are inherently secure. We’ll explore how business applications are structured and the threats in another post.